Jul 18 2017 01:54 AM
Hi everyone,
I need your help.
I have a web service on Azure. I'm making an AJAX call to it from SPO (CORS implemented). If there is no authentication, everything is fine. But when I turn on AAD authentication for the web service, it stops working and I get:
"XMLHttpRequest cannot load https://<App_URL>. Redirect from https://<App_URL> to 'https://login.windows.net/some_guid/oauth2_tokens/etc has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://<tenant_name>.sharepoint.com' is therefore not allowed access."
I assume that it's because my web service redirects to login.windows.net and such a redirection is not properly handled in terms of CORS.
I'm at a dead end. How can I resolve this issue? Any ideas, solutions, or advice?
Thanks in advance
Jul 18 2017 02:48 AM
Hi @Michal Guzowski,
I would have a look at the SPFx/PnP approach.
https://dev.office.com/sharepoint/docs/spfx/web-parts/guidance/connect-to-api-secured-with-aad
Jul 18 2017 06:51 AM
Jul 18 2017 12:35 PM
Solution
I finally resolved my issue.
Since adal.js does not support app permissions (client id + secret), the only option to prevent the issue when the user has not visited the app directly for the first time is to handle that manually. In other words, I catch the onerror event when sending the XMLHttpRequest, set some flags (just to prevent loopback) and redirect the user to a special endpoint on my web service. This endpoint redirects the user back to where he came from and that's it. Every subsequent access to the SharePoint page does not require such a roundtrip, since the app has been visited for the first time and now pure adal.js works fine (advised by @Pieter Veenstra).
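The workaround described in the accepted answer, sketched as an added example that is not the poster's code: the client decides on `onerror` whether to bounce through the web service once, and the bounce endpoint checks the return address against an allowlist so it cannot be used as an open redirector. The origins, the `/auth/bounce` path, the `returnUrl` parameter and the storage key are all assumptions.

```javascript
// Added example. All names and origins below are hypothetical placeholders.
const API_ORIGIN = "https://api.example.invalid";         // the Azure web service
const SIGNIN_PATH = "/auth/bounce";                       // the "special endpoint"
const ALLOWED_RETURN_ORIGINS = ["https://tenant.example.invalid"]; // the SPO tenant
const FLAG = "aadBounceTried";                            // loop-guard flag key

// Client side, called from xhr.onerror. Returns the URL to navigate to, or
// null when a bounce was already attempted (prevents an endless redirect loop).
// Browser wiring: xhr.onerror = () => {
//   const to = nextStepOnXhrError(sessionStorage, location.href);
//   if (to) location.assign(to);
// };
function nextStepOnXhrError(storage, currentUrl) {
  if (storage.getItem(FLAG) === "1") return null;
  storage.setItem(FLAG, "1");
  const u = new URL(SIGNIN_PATH, API_ORIGIN);
  u.searchParams.set("returnUrl", currentUrl);
  return u.toString();
}

// Client side: call after a successful API response so that a later session
// expiry can trigger exactly one new bounce.
function clearBounceFlag(storage) {
  storage.removeItem(FLAG);
}

// Server side: the endpoint runs once AAD sign-in has completed. It returns
// the URL to redirect to, or null if returnUrl is not an https URL on an
// allowlisted origin (exact origin match, no embedded credentials).
function safeReturnUrl(returnUrl) {
  let parsed;
  try { parsed = new URL(returnUrl); } catch { return null; }
  if (parsed.protocol !== "https:") return null;
  if (parsed.username || parsed.password) return null;
  return ALLOWED_RETURN_ORIGINS.includes(parsed.origin) ? parsed.toString() : null;
}

// In-memory stand-in for sessionStorage so the logic also runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

When `safeReturnUrl` returns null, the endpoint should send the user to a fixed default page rather than to the supplied value.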